University of Agder
€12,700
Insufficient technical and organisational measures to ensure information security
Ngày ra quyết định
4 tháng 9, 2024
Thẩm quyền
Norwegian Supervisory Authority (Datatilsynet)
NO
Ngành
Public Sector and Education
Quốc gia
NO
Luật
GDPRTrạng thái
FINALMô tả
The Norwegian DPA has fined the University of Agder (UiA) EUR 12,700. An employee of UiA had discovered that documents containing personal data of employees, students and external individuals were stored in open Microsoft Teams foldersand that employees with no business need were able to access them. During its investigation, the DPA found that UiA had failed to implement appropriate technical and organisational measures to protect personal data.
Trích dẫn pháp lý
Art. 32Art. 24
Vấn đề & Vi phạm
Insufficient technical and organisational measures to ensure information security